Valimail Defend joins Valimail’s suite of existing products:
- Valimail Enforce™, which helps companies protect themselves against fraudsters and phishers who are spoofing their domains
- Valimail Brand Trust™, which offers companies a customizable digital watermark for confirming that their emails are authentic, using both BIMI and Microsoft Business Profiles.
With Defend, we are adding the ability to block mail from untrusted domains — definitively.
How Valimail Defends Against Untrusted Mail
What does “untrusted” mean? It’s simple: If it’s not a known-good domain in our Trusted Domain Clearinghouse, it’s untrusted.
Spammers and phishers are very smart about generating new domains from which to launch their attacks. Often those new domains are crafted to look almost exactly like domains you already trust — altering just a couple of letters or using Unicode characters to substitute characters that look identical, but are actually different. These “cousin domain” or “lookalike” domain attacks are particularly tricky, because they’re aimed at fooling you — and they often succeed.
When a new domain pops into existence, most other approaches to email defense concentrate on trying to parse whether this new domain is “phishy” or not, using a host of factors.
With Valimail, by contrast, a new domain is presumed untrusted until proven otherwise. We are not simply looking at domain name permutations: We assume that all new domains are untrusted until we can validate that they are associated with a legitimate organization. This allows for a broader, more valuable approach to domain defense, and it solves the problem of cousin domains/lookalike domains instantly, without requiring any artificial intelligence techniques to guess at possible permutations.
Valimail has been analyzing and crunching data on the email ecosystem since our founding in 2016. At this point, we have an enormous dataset on tens of millions of domains, with dozens of data points for each one. In short, the Trusted Domain Clearinghouse is the most definitive, comprehensive database of trustworthy domains on the planet.
It’s also a dynamic and ever-growing collection. When a sending domain that we haven’t yet encountered comes into the system, we mark it as “unknown” and let you apply the policy you choose.
Meanwhile, the Trusted Domain Clearinghouse quickly evaluates the new domain based on dozens of independent factors. Once we have made a determination about the new domain, it gets added to the TDC, either as a trusted domain or an untrusted domain — and then future messages from that domain can be handled accordingly.
Valimail Defend Puts You In Control
With Valimail Defend, messages coming into your organization’s inbox are checked in real time to see whether they come from a trusted domain.
If the sending domain is not trusted, Valimail Defend applies the policy that you want to use:
- Do nothing (useful for testing the Defend system)
- Quarantine the message to a spam folder
- Delete the message from the user’s inbox entirely
- Move the message to a custom folder
We also offer the ability to apply different policies to select inboxes, or to different groups within your organization.
Unprecedented Visibility Into Your Email Environment
With Valimail Defend, you get visibility as well as protection.
Our real-time reports tell you exactly how many domains are trying to send messages into your corporate environment. Reports let you drill down to the group and mailbox levels, to see exactly which addresses are being targeted.
In the reports, you can drill down on sender stats to see how many are trusted domains, how many are untrusted, and what the message volume is for each.
While protection is automatic, visibility like this can often help you uncover details about attacks in progress. It can also shed light on other, less malicious issues in your email ecosystem, such as specific organizations that might be marketing heavily towards your users.
The bottom line: Valimail Defend offers a unique approach to protecting your inbox from dubious and untrusted domains, including cousin-domain/lookalike-domain attacks. It offers visibility into which domains are sending mail to your employees’ inboxes. And it perfectly complements email security solutions like SEGs.